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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address- 
All claims being allowable, PROSECUTION ON THE MERITS IS (OR REMAINS) CLOSED in this application. If not included 
herewith (or previously mailed), a Notice of Aiiowance (P i OL-85) or other appropriate communication will be mailed in due course. THIS 
NOTICE OF ALLOWABILITY IS NOT A GRANT OF PATENT RIGHTS. This application is subject to withdrawal from issue at the initiative 
of the Office or upon petition by the applicant. See 37 CFR 1.313 and MPEP 1308. 
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2. S The allowed claim{s) is/are 1-5. 7-13. 15-20. 22-25. 27-30. 32-34. 36-38. 40-42. 44-45: renumbered as 1-37 . 

3. □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
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1. □ Certified copies of the priority documents have been received. 
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International Bureau (PCT Rule 17.2(a)). 
* Certified copies not received: 
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(a) D including changes required by the Notice of Draftsperson's Patent Drawing Review ( PTO-948) attached 
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Paper No./Mail Date 

Identifying indicia such as the application number (see 37 CFR 1.84(c)) should be written on the drawings in the front (not the back) of 
each sheet. Replacement sheets) should be labeled as such in the header according to 37 CFR 1.121(d). 
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EXAMINER'S AMENDMENT 

1 . An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to the applicant, an amendment may be filed as 
provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. 

2. An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1 .312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with Philip S. Lyren on 1/16/2008. 

The application has been amended as follows: 

Claim 1:. 

In a computer including hardware, a virtual machine monitor, and first and second 
operating system instances, a method comprising: 

using the virtual machine monitor (VMM) to expose the first operating system 
instance to a first hardware partition of the hardware and prevent the first operating 
system instance from discovering a second hardware partition of the hardware; 
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using the virtual machine monitor to expose the second operating system 
instance to the second hardware partition and prevent the second operating system 
instance from discovering the first hardware partition; and 

using the virtual machine monitor to share at least some of the hardware among 
the first and second operating system instances that are booted on the VMM after the 
hardware is configured, wherein the VMM configures the hardware so accesses to 
requested addresses by the first OS trap to the VMM. the traps occurring during 
resource discovery of memory installed and input/output (I/O) devices present by a 
booting operating system (OS) instance consisting one of the first or second OS 
instances, and the VMM responds to a trap by misinforming the booting OS instance 
about the existence of hardware not in its partition. 

Claim 20: 

In a computer including hardware, a virtual machine monitor running on the hardware, a 
method comprising: 

booting a plurality of operating system (OS) instances on the virtual machine 
monitor (VMM); 

using the virtual machine monitor to expose each of the booting operating system 
instances to its own partition and to prevent each of the operating system instances 
from discovering other hardware partitions; and 

using the virtual machine monitor to share at least some of the hardware among 
the operating system instances; 
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wherein operation of the virtual machine monitor is transparent to the plurality of 
operating system instances, which are booted on the VMM after the hardware is 
configured, wherein the VMM configures the hardware so accesses to addresses 
requested by the anv OS instance trap to the VMM, the traps occur during resource 
discovery of memory installed and input/output (I/O) devices present by the a booting 
OS instance, and the VMM responds to a trap by misinforming the booting OS instance 
about an existence of hardware not in its partition , and wh e r e in th e first a nd s e cond 
i nstanc e s aro bootod on the VMM aftor tho hardwar e i s configur e d . 

Claim 29: 

A computer comprising: 

memory for storing a virtual machine monitor (VMM), a first operating system 
(OS) and a second OS; 

a processor for running the VMM and first and second OS instances on the 

VMM; 

the VMM designed to expose a first OS instance to a first hardware partition and 
prevent the first OS instance from discovering a second hardware partition; 

the VMM designed to expose a second OS instance to the second hardware 
partition and prevent the second OS instance from discovering the first hardware 
partition; 

the VMM designed to allow at least some hardware sharing among the first and 
second OS instances, which are booted on the VMM after the hardware is configured. 



Application/Control Number: Page 5 

10/676,921 

Art Unit: 2195 

wherein the VMM configures hardware so accesses to requested addresses by the first 
OS trap to the VMM, the traps occur during resource discovery of memory installed and 
input/output (I/O) devices present by the a booting OS instance consisting one of the 
first or second OS instance, and the VMM responds to a trap by misinforming the 
booting OS instance about an existence of hardware not in its partition and wh e r e in th e 
firot and second i nstancos aro booted on tho VMM after tho hardwar e is configur e d . 

Claim 30: 

A computer for running first and second operating system (OS) instances, the computer 
comprising hardware including memory, the memory encoded with a virtual machine 
monitor (VMM) f or exposing the first OS instance to a first partition of the hardware and 
preventing the first OS instance from discovering a second partition of the hardware; 
exposing the second OS instance to the second hardware partition and preventing the 
second OS instance from discovering the first hardware partition; and sharing at least 
some of the hardware among the first and second OS instances that are booted on the 
VMM after the hardware is configured, wherein the VMM configures the hardware so 
accesses to requested addresses by the first OS trap to the VMM^the traps occur 
during resource discovery of memory installed and input/output (I/O) devices present by 
the a booting OS instance, consisting one of the first or second OS instance , and the 
VMM responds to a trap by misinforming the booting OS instance about an existence of 
the hardware not in its partition. 
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Claim 38: 

An article for a computer, the article comprising computer memory encoded with a 
virtual machine monitor (VMM) for exposing a first operating system (OS) instance to a 
first hardware partition and preventing the first OS instance frohri discovering a second 
hardware partition; exposing a second OS instance to the second hardware partition 
and preventing the second OS Instance from discovering the first hardware partition; 
and sharing at least some of the hardware among the first and second OS instances 
that are booted on the VMM after the hardware Is configured, wherein the VMM 
configures the hardware so accesses to requested addresses by the first OS trap to the 
VMM, the traps occur during resource discovery of memory installed and input/output 
(I/O) devices present by the a booting OS instance, consisting one of the first or second 
OS instances, and the VMM responds to a trap by misinfomriing the booting OS 
instance about an existence of the hardware not in its partition. 

3. Pursuant to MPEP 606.01 , the title has been changed to read: 

- Resource Allocation and Protection in a Multi-virtual Environment- 

REASONS FOR ALLOWANCE 

4. The following is an examiner's statement of reasons for allowance: 

All of the independent claims contain the detailed limitations of a booting 
operating system attempting to access specific parts of hardware that is not designated 
to it, in which case the virtual machine monitor responds by trapping the access to itself 
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during resource discovery. Then the virtual machine monitor misinforms the booting OS 
instance about the existence of the hardware that the OS is trying to access. 

The cited prior art at best teaches portioning resources to virtual machines and 
disabling accesses among different partitions, and trapping these accesses to a virtual 
machine monitor in order to change resource allocation to a particular machine 
(Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor; 
Proceedings of the 9^^ USENIX Security Symposium; Section 1.3). None of the prior art 
of record details such trapping as occurring during resource discovery of memory 
installed and I/O devices present, nor did they teach misinforming the booting OS 
instance about the existence of hardware not in its partition. Therefore, the claims are 
allowable for at least those reasons. 

Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Conclusion 

Any inquiry concerning this communication or.earlier communications from the 
examiner should be directed to MengYao Zhe whose telephone number is 571-272- 
6946. The examiner can normally be reached on Monday Through Friday, 7:30 - 5:00 
EST. 
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If attempts to reach the exarniner by telephone are unsuccessful, the examiner's 
supervisor, Meng-Ai An can be reached on 571-272-3756. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Infomiation regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



M.Z.. 1/18/2008 




PRIMARY EXAIffNER 



